Category Archives: Windows Intune

Post navigation

As you all know, Intune can deploy all kind of settings and profiles (security settings, WiFi, Certificate, Mail and VPN profiles) to your users and devices. But what if you want to remove one of the settings/profiles.

Until now this hasn’t been possible (expect if you did a selective wipe/full wipe). With the updates delivered in the November and December release of Microsoft Intune backend, the policy will be removed when:

User or device leaves a collection / Group where policy was targeted to

Admin removes the deployment

Admin removes the policy itself

Note that this feature is available in both if you use Microsoft Intune Standalone and SCCM UDM with Intune.

As with all things we do with the device, we are dependent of underlying management platform. Below you see what’s can remove per platform.

Last week Samsung announced that Samsung KNOX will support Windows Intune. Except for this, they also announced that they will add “Workplace Join” functionality into the Samsung Androids devices so the will be able to workplace join an Active Directory (this can be done on IOS and Windows 8.x today).

This is very good news for all Windows Intune customers that uses Samsung Android devices, really looking forward to the update

The Jan/Feb 2014 update to Windows Intune has now been out for a couple of weeks. This was the first update that was released through the SCCM “Extensions for Windows Intune”

So what did the update actually include:

Ability for the administrator to configure email profiles, which can automatically configure (IOS and WP8) the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed (Only IOS).

Support for new configuration settings in iOS 7, including the "Managed open in" capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.

Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it (as of now, this this feature only exist in the Intune standalone cloud service).

If you would like to see a good demo of some of the new features, please look at the interview on Channel9 with Martin Booth

If you are a Windows Intune user you probably know that to be able to test managing Windows Phone 8 you need a special certificate from Symantec and to get this you also need to have a special Windows Phone developer account. This has been a lot of hassle for people that just want to test the functionally or to demo it. In May Microsoft released a “Support tool” that included a presigned Company Portal that you could install and upload in SCCM and you were all set to start testing enrolling Windows Phones. The problem were that this support tool only worked if you used SCCM+Intune, not if you were a user of the Standalone Window Intune service. The good news is that from today, the Support Tools also work for everyone that want to test Windows Phone 8 management in Windows Intune Standalone service.

Install the MSI that you download from Microsoft Download Center It will extract the sample SSP.xap and other sample xap files included in the MSI. The default location for the files is “C:\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone 8\” Note: The support tool included in the package is not needed for Windows Intune administrators. It is required for only Microsoft System Center 2012 Configuration Manager Administrators.

As promised, yesterday Microsoft released version 2 of Windows Intune. Compared to standard software that require you to plan your upgrade etc. you will not have to do anything to get your Intune infrastructure upgraded. In the upcoming weeks, Intune customers will reciew an mail informing them that their account will be upgraded.